diff options
| author | Ayush Ranjan <ayushranjan@google.com> | 2021-03-03 10:23:55 -0800 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-03-03 10:25:58 -0800 |
| commit | a9441aea2780da8c93da1c73da860219f98438de (patch) | |
| tree | 8b12915756f5bfb926218214cd7bc0b3281605fd /pkg/seccomp/seccomp_unsafe.go | |
| parent | b8a5420f49a2afd622ec08b5019e1bf537f7da82 (diff) | |
[op] Replace syscall package usage with golang.org/x/sys/unix in pkg/.
The syscall package has been deprecated in favor of golang.org/x/sys.
Note that syscall is still used in the following places:
- pkg/sentry/socket/hostinet/stack.go: some netlink related functionalities
are not yet available in golang.org/x/sys.
- syscall.Stat_t is still used in some places because os.FileInfo.Sys() still
returns it and not unix.Stat_t.
Updates #214
PiperOrigin-RevId: 360701387
Diffstat (limited to 'pkg/seccomp/seccomp_unsafe.go')
| -rw-r--r-- | pkg/seccomp/seccomp_unsafe.go | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/pkg/seccomp/seccomp_unsafe.go b/pkg/seccomp/seccomp_unsafe.go index f7e986589..7202591df 100644 --- a/pkg/seccomp/seccomp_unsafe.go +++ b/pkg/seccomp/seccomp_unsafe.go @@ -15,9 +15,9 @@ package seccomp import ( - "syscall" "unsafe" + "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/abi/linux" ) @@ -26,9 +26,9 @@ import ( // This is safe to call from an afterFork context. // //go:nosplit -func SetFilter(instrs []linux.BPFInstruction) syscall.Errno { +func SetFilter(instrs []linux.BPFInstruction) unix.Errno { // PR_SET_NO_NEW_PRIVS is required in order to enable seccomp. See seccomp(2) for details. - if _, _, errno := syscall.RawSyscall6(syscall.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 { + if _, _, errno := unix.RawSyscall6(unix.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 { return errno } @@ -44,7 +44,7 @@ func isKillProcessAvailable() (bool, error) { if errno := seccomp(linux.SECCOMP_GET_ACTION_AVAIL, 0, unsafe.Pointer(&action)); errno != 0 { // EINVAL: SECCOMP_GET_ACTION_AVAIL not in this kernel yet. // EOPNOTSUPP: SECCOMP_RET_KILL_PROCESS not supported. - if errno == syscall.EINVAL || errno == syscall.EOPNOTSUPP { + if errno == unix.EINVAL || errno == unix.EOPNOTSUPP { return false, nil } return false, errno @@ -55,8 +55,8 @@ func isKillProcessAvailable() (bool, error) { // seccomp calls seccomp(2). This is safe to call from an afterFork context. // //go:nosplit -func seccomp(op, flags uint32, ptr unsafe.Pointer) syscall.Errno { - if _, _, errno := syscall.RawSyscall(SYS_SECCOMP, uintptr(op), uintptr(flags), uintptr(ptr)); errno != 0 { +func seccomp(op, flags uint32, ptr unsafe.Pointer) unix.Errno { + if _, _, errno := unix.RawSyscall(SYS_SECCOMP, uintptr(op), uintptr(flags), uintptr(ptr)); errno != 0 { return errno } return 0 |